Cloud Computing for the Financial Services Industry

This post examines legal and regulatory issues facing the adoption of cloud computing in the financial services industry. While cloud computing has given the companies that use it the ability to operate more efficiently at reduced cost, the financial services industry has been slow to adopt this technology because of different state, federal, international, and industry regulations unique to this area. We begin with an overview of cloud computing, continue by focusing on specific hurdles preventing widespread adoption of this technology in the financial services industry, and conclude with recommendations for how to successfully integrate cloud computing into the industry.

What is cloud computing?

Cloud computing is simply another name for a method of providing to clients convenient and on-demand access to a pool of virtualized resources such as servers, development platforms, or software programs. Cloud computing allows clients more efficient use of resources such as IT capital outlays through the use of the internet or other networks to adjust for demand in computing resources without the large expenditures associated with maintaining a large warehouse of servers.

Clouds can be classified as public, private, or hybrids. Public clouds are managed and owned by the Cloud Service Provider (“CSP”), while private clouds are managed and owned by the corporation utilizing the service, and hybrids are a mix between the two. Clouds can also be classified as Infrastructure-as-a-Service (“IaaS”), Platform-as-a-Service (“PaaS”), or Software-as-a-Service (“SaaS”). IaaS models are essentially a replacement for internal data centers. PaaS models use a platform-based approach to developing or customizing business applications. Finally, SaaS models deliver applications through a client, such as a web browser.

Firms in the financial services industry have been slow to adopt cloud-computing technologies in core areas such as investment banking because of confidentiality, security, and regulatory compliance issues. Most of the adoption of cloud computing in the financial services industry has involved using IaaS models on non-critical services such as software patches, maintenance, and other IT services. Transitioning into higher value-added models such as PaaS and SaaS will require traversing the difficult legal, economic, and technical landscape of cloud computing.

What are some of the legal and regulatory issues facing firms in financial services who wish to take advantage of cloud computing?

The financial services industry is one of the most heavily regulated in the world. To effectively and economically service clients in the financial services industry, CSPs will have to navigate a patchwork of state, federal, industry, and international regulations dealing with data privacy and protection. In this post we classify legal issues into two broad categories: those dealing with data location and transfer, and those dealing with data accessibility.

  1. Data Location and Transfer

Depending on the type of information being held in the cloud, regulations may restrict where that data can be physically stored and how and where it may be transferred. For example, the use of a CSP to store customer data may trigger disclosure requirements by the client as part of the Gramm-Leach-Bliley Act, which requests that companies explain their information-sharing practices to their customers. Other regulations require that data not be intermixed with other types of data on shared servers or databases. A clear understanding of where client data resides physically in the cloud will be important to any CSP that hopes to successfully serve banks and other financial institutions.

Regulations will also impact how CSPs and clients can transfer data held in the cloud. EU Directive 95/46/EC, commonly known as the Data Protection Directive, addresses personal data or personally identifiable information and constricts how and where that information may be transferred. Personally identifiable information can only be transferred to those countries that are deemed to provide adequate security. Companies can utilize the Safe Harbor Agreement to transfer data from the EU to the US by following a set of Federal Trade Commission regulations, verifying compliance through self or third-party assessment, and registering with the Department of Commerce. Finally, other regulations may require that data be encrypted during storage as well as transmission.

  2. Data Accessibility

Regulatory issues relating to data accessibility are another area of concern for financial institutions. Privacy regulations may restrict the users authorized to access certain kinds of data. These regulations will also require CSPs to be able to quickly de-provision or revoke access privileges and monitor use when employees leave or transfer.

In addition to restricting access to data because of privacy or security concerns, CSPs will need to deal with compliance in auditing and e-discovery. In the past, financial institutions have preferred to build private clouds because of the greater control those companies have over their own private clouds and because of the ability to perform SAS-70 audits more quickly. CSPs, since they are third parties to the financial institutions, will be utilizing public clouds. They will need to build SAS-70 compliant applications, and will also need to attain the appropriate security certifications such as ISO 27001 and FIPS 140-2 for their clouds. These standards are part of a family of security compliance standards that will be sure to grow as the industry matures.

Furthermore, CSPs will need to deal with subpoenas and regulations such as the USA-PATRIOT Act and the UK Regulation of Investigatory Powers Act. Financial institutions are concerned about the possibility that third parties may gain access to financial data without the company’s knowledge if the CSP receives a subpoena, or is the subject of a criminal or national security investigation. If the data in the cloud is subject to e-discovery, financial institutions will also need to know how document holds are enforced, how metadata is protected, and how information is searched for and retrieved.

What are some possible solutions?

For the individual CSP, all of the preceding issues will need to be dealt with primarily via contract. Contracts will need to specify the physical location of the data, the other types of data that are stored on the server, how and where that data is transferred, how the CSP will respond to legal requests for information, how the CSP will respond to audit requests, who will be liable, and to what extent, in the event of a security breach or disaster, and so forth. Drafting strong contracts will require understanding the state, federal, international, and industry regulations that cover a typical financial services firm. While cloud computing has been around for a long time and provides the basis for many of the applications and platforms consumers and businesses use daily, the slow development of adequate contracts has hindered the growth of cloud computing in the financial services industry. Understanding these regulatory issues will be key for a successful CSP in the financial services industry.

From a broader perspective, it may be beneficial for regulators and lawmakers to partner with financial services firms and CSPs to draft new regulations that would allow the industry to take advantage of cloud computing technologies to reduce the cost of doing business.


About the Author

Edi Rumano

Edi Rumano is a Staffer for the Columbia Science and Technology Law Review. He is a 2L at Columbia Law School.